有人可以告诉我为什么我的verify_password不工作在codeigniter [英] Can someone tell me why my verify_password is not working in codeigniter
问题描述
我是新来的,这么光明我。
I'm new to this so bare with me.
我正在尝试使用verify_password登录。我有这个工作后,我更新到php5.5现在它不工作。我不知道我做了什么来打破它。
I'm trying to log in using verify_password. I had this working after I updated to php5.5 now it's not working. I don't know what I have done to break it.
<?php
class Login_model extends CI_Model {
public function __construct() {
// Call the CI_Model Constructor
parent::__construct();
$this -> load -> database();
}
public function login($email, $password) {
// SELECT id, email, password FROM user_registration WHERE email = $email & password =$password LIMIT 1
$this -> db -> select('id, email, password');
$this -> db -> from('user_registration');
$this -> db -> where('email', $email);
$this -> db -> where('password', verify_password($password, 'md5'));
$this -> db -> limit(1);
$query = $this -> db -> get();
// IF THERE IS ONLY 1 ROW OF RESULTS THEN RETURN RESULTS.
if ($query -> num_rows() == 1) {
return $query -> result();
} else {
return false;
}
}
}
这里是控制器
Here's the Controller
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
public function __construct()
{
// Call the CI_Model Constructor
parent::__construct();
//session_start();
$this->load->model('login_model');
}
public function index()
{
// For development only
//---------------------------------------------------------------
$this->output->enable_profiler(TRUE);
//---------------------------------------------------------------
// load form validation library
$this->load->library('form_validation');
// Validate the form
$this->form_validation->set_rules('email', 'Email', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database|md5');
//$this->form_validation->set_rules('password', 'Password', 'trim|required|md5');
// if the validations were not run
// display the form
if($this->form_validation->run() == FALSE)
{
$this->load->view('html');
$this->load->view('header');
$this->load->view('navigation');
$this->load->view('login');
$this->load->view('footer');
}else{
// if the for is validated, it will be sent
// to check_database to process the data and start a session
// if all is ok, redirect to mypage where the session will bring up
// all of the users data
redirect('mypage', 'refresh');
}
}
function check_database($password)
{
//$password_matches = $this->ion_auth->hash_password_db($user->id, $old_password);
//Field validation succeeded. Validate against database
// $password is the posted password
$email = $this->input->post('email');
// query the database, passing it the email & password
// return an object
$result = $this->login_model->login($email, $password);
print_r($result);
// get the user id
//$id = $result[0]->id;
// if a result was returned
// trap the id in a session
// else show an error message
if($result){
$this->session->set_userdata('user_id', $id);
}else{
$this->form_validation->set_message('check_database', 'Invalid email or password');
}
}
}
推荐答案
当使用password_hash()时,你不需要使用MD5有趣的使用它来创建密码哈希。使用password_hash()可以用MD5创建一个更安全的密码。
When using password_hash() you do not need to use MD5 with amusing you use that to create password hash. With password_hash() creates a more secure password with out MD5.
$hash_input_password = $this->input->post('password');
password_hash($hash_input_password, PASSWORD_BCRYPT);
如何验证密码
<?php
// See the password_hash() example to see where this came from.
// Some thing like $2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq'
$hash = $password_from_db;
if (password_verify($this->input->post('password'), $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>
这将更安全MD5
http://php.net/manual/en/function.password-hash。 php
http://php.net/manual/en/function.password-verify.php
数据库列密码varchar(255)
PHP 5.5.0 +
用户。在底部查看addUser函数
Hashing password when creating new user. View addUser function at bottom
$hash_input_password = $this->input->post('password');
$password_to_db = password_hash($hash_input_password, PASSWORD_BCRYPT);
登录模型功能示例
public function login() {
$username = $this->input->post('username');
$password = $this->input->post('password');
$hashed_password = $this->confirm_password();
$this->db->where('username', $username);
$this->db->where('password', password_verify($password, $hashed_password));
$user_query = $this->db->get($this->db->dbprefix . 'user');
if ($user_query->num_rows() > 0) {
$set_userdata = array(
'user_id' => $user_query->row('user_id'),
'username' => $user_query->row('username')
);
$this->session->set_userdata($set_userdata);
return true;
} else {
return false;
}
}
确认密码 p>
Confirm Password
public function confirm_password() {
$this->db->where('username', $this->input->post('username'));
$query = $this->db->get($this->db->dbprefix . 'user');
if ($query->num_rows() > 0) {
$row = $query->row('password');
$password = $row->password;
} else {
return false;
}
return $password;
}
完整登录控制器
$ b
Full Login Controller
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login extends CI_Controller {
public function __construct() {
parent::__construct();
$this->load->library('form_validation');
}
public function index() {
$this->form_validation->set_rules('username', 'Username', 'required|callback_validate');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() == FALSE) {
$this->load->view('login_view');
} else {
redirect('dashboard');
}
}
public function validate() {
$username = $this->input->post('username');
$password = $this->input->post('password');
if (!isset($username) || !isset($password) || !$this->login($this->input->post('username'), $this->input->post('password'))) {
$this->form_validation->set_message('validate', 'No match for Username and/or Password.');
return FALSE;
}
}
public function login($username = 0, $password = 0) {
$username = $this->input->post('username');
$password = $this->input->post('password');
$hashed_password = $this->confirm_password();
$this->db->where('username', $username);
$this->db->where('password', password_verify($password, $hashed_password));
$user_query = $this->db->get($this->db->dbprefix . 'user');
if ($user_query->num_rows() > 0) {
$set_userdata = array(
'user_id' => $user_query->row('user_id'),
'username' => $user_query->row('username')
);
$this->session->set_userdata($set_userdata);
return true;
} else {
return false;
}
}
public function confirm_password() {
$this->db->where('username', $this->input->post('username'));
$query = $this->db->get($this->db->dbprefix . 'user');
if ($query->num_rows() > 0) {
$row = $query->row('password');
$password = $row->password;
} else {
return false;
}
return $password;
}
}
添加用户 p>
Add User
public function addUser() {
$hash_input_password = $this->input->post('password');
$password_to_db = password_hash($hash_input_password, PASSWORD_BCRYPT);
$data = array(
'username' => $this->input->post('username'),
'password' => $password_to_db,
'firstname' => $this->input->post('firstname'),
'lastname' => $this->input->post('lastname'),
'email' => $this->input->post('email'),
'status' => "1",
'date_added' => mdate('%Y-%m-%d %H:%i:%s', now()) // Need to load date helper
);
$this->db->insert($this->db->dbprefix . 'user', $data);
}
这篇关于有人可以告诉我为什么我的verify_password不工作在codeigniter的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!